You’d be surprised… I ran a MITM proxy on my phone’s network and then downloaded ~30 of those scam apps which just wrap ChatGPT (you know, with names like “Best GPT AI chat 4”).
I found about a third were connecting to OpenAI directly, exposing their full API key in the headers of every request.
Amazing! Steal their keys and stop their $29.99/mo subscription after one month. Profit!
Even if they don’t expose the key it’s likely they are proxying the API with their own “security” which should not be too hard to steal the long-lasting token.
There is no way to use it in the frontend securely. Communicating with OpenAI will have to happen on the backend and to prevent anyone from abusing your API, it will have to be protected by authentication.
Yeah, sounds like OP is advertising an MVP that you can run in localhost with the sole purpose of proving a concept. There's no way this is going to any wise-man production project.
Connect to a backend API that does the requests to OpenAI. Set up CORS to prevent embedding on other sites. And remember your API is still completely unauthenticated, so add rate limiting and a block list to limit abuse.
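The backend arrangement described in the comments above (key held server-side, origin allowlist, rate limit, block list), sketched as an added example that is not part of the thread or of OP's project. All function names, the origin, the IP addresses, the limits and the model placeholder are assumptions made for illustration.

```javascript
// Added example; every name below is hypothetical.
const UPSTREAM_URL = "https://api.openai.com/v1/chat/completions";
const PINNED_MODEL = "model-name-placeholder"; // set server-side, never by the client

function createGate({ allowedOrigins, blockList, limit, windowMs }) {
  const hits = new Map(); // ip -> timestamps of accepted requests in the window
  return function check({ ip, origin }, now = Date.now()) {
    if (blockList.has(ip)) return { status: 403, reason: "blocked" };
    // Browsers set Origin themselves, so this stops other sites embedding the widget.
    if (!allowedOrigins.has(origin)) return { status: 403, reason: "origin" };
    const recent = (hits.get(ip) || []).filter((t) => now - t < windowMs);
    hits.set(ip, recent);
    if (recent.length >= limit) return { status: 429, reason: "rate" };
    recent.push(now);
    return { status: 200, reason: "ok" };
  };
}

// The key is read from the server's environment; nothing the client sends
// (headers, model, token cap) is forwarded, only its messages.
function buildUpstreamRequest(clientBody, apiKey) {
  const messages = Array.isArray(clientBody.messages) ? clientBody.messages : [];
  return {
    url: UPSTREAM_URL,
    method: "POST",
    headers: { "Content-Type": "application/json", Authorization: `Bearer ${apiKey}` },
    body: JSON.stringify({ model: PINNED_MODEL, max_tokens: 256, messages }),
  };
}

// Constructed sample traffic: limit of 2 requests per 60 s per IP.
function demo() {
  const gate = createGate({
    allowedOrigins: new Set(["https://app.example.com"]),
    blockList: new Set(["203.0.113.9"]),
    limit: 2,
    windowMs: 60000,
  });
  const ok = { ip: "198.51.100.7", origin: "https://app.example.com" };
  return [
    gate(ok, 0).status,      // first request in the window
    gate(ok, 1000).status,   // second request in the window
    gate(ok, 2000).status,   // third request, over the limit
    gate({ ip: "198.51.100.8", origin: "https://other.example" }, 0).status,
    gate({ ip: "203.0.113.9", origin: "https://app.example.com" }, 0).status,
    gate(ok, 61000).status,  // window has rolled over
  ];
}
console.log(demo());
```

A non-browser client can send any Origin value it likes, so the allowlist only covers embedding; the rate limit and block list are what bound abuse of an endpoint that has no authentication.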
I like this project! I’ve been thinking of looking for something similar involving GPTV to see what the user sees, and then sending that info along with context to an assistant group with autogen. (This is because I have found groups of agents to deliver better results for my use case than a single conversational agent.) Would be nice to see stuff like this come together over time. Good luck!
What are the alternatives for such a React component that lets applications integrate an LLM into their apps? I was hoping to find an alternative that can understand the context of the webpage, let me map functions, etc.